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DETAILED ACTION 

Remarks 

1 . This office action is in response to the amendment filed on 10/13/2008. 

2. Claims 17, 21 and 36 have been canceled. 

3. Claims 1 , 1 1 , 20, and 32 have been amended. 

4. Claims 1-6, 8-16, 18-20 and 22-35 remain pending and have been examined. 



Response to Arguments 

5. Applicant's arguments filed on 10/13/2008, in particular on pages 7-9, have been 
fully considered but they are not persuasive. For example: 
At page 8, third paragraph, the Applicants submit that Jerger requires voluntary 
input from the user in order to run a build process at a specific level of trust. In 
contrast, the claimed subject matter relates to a build process associated with 
different entities, each entity with a corresponding level of trust, which is 
executed at a permission level that is lowest of trust levels associated with the 
entities. By automatically selecting a lowest trust level from all the trust levels 
associated with the entities involved in the build process, the claimed subject 
matter mitigates a need for the user to specify trust levels for each entity as 
taught by Jerger ever while safely executing the build process. However, the 
Examiner respectfully disagrees. First of all, the Examiner interprets the present 
claimed invention as a general software build process combining a step of 
determining/indicating/marking the levels of trust of the build process according 
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user specified levels of trust for each build entries (see for example, third 
paragraph in page 2 of the specification, " sandboxing allows the developer to 
mark different build entities as fully trusted, semi-trusted or untrusted ." [emphasis 
added]) and user defined build policy (see for example, second paragraph of 
page 2). It can be seen that the current application also required manually input 
for specifying level of trust for each entities and other build policy as the 
Applicants argued. Jerger discloses a method of configuration of a system 
security policy that is stored on a host computer, (see for example, Figure 8, 
items 812 Unsigned Permissions, 814 Trusted Signed Permissions, 816 
Untrusted Signed Permissions and related text; also see Fig.11, 
specified/attached permission set to the class), wherein each class is analyzing 
and determining levels of permission/trust (see for example, Fig.13A-C, step 
1312, "Is class digitally signed?", step 1324 "Fail", step 1338, 1318 "Grant 
requested Permissions", "Store any Granted Permissions with the Class"). 
Moreover, it should be noted that claiml recites "determinate one or more levels 
of trust within which the build process operates" which includes "a principal 
permission level" that is determined and dictated by the lowest level of trusted of 
all involved build entities, but does not define what each of level of trust relates to 
or how to impact the execution of the build process and thus can be reasonable 
interpreted as merely indicating all the levels of trust and/or permission for the 
build process. Therefore, as Jerger disclosed above wherein each of the class 
(entity) is analyzed and determined the levels of trust for the execution, it is also 
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including the lowest level of trust of class (entity) as recited in the claim. 
Therefore, Cynerman and Jerger do disclose all the limitations as the Applicants 
argued. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-6, 8-16, 18-20 and 22-35 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cvnerman (Michael Cynerman, Automate your build process 
using Java and Ant) in view of Jerger (US 6,321 ,334). 

Claim 1: 

Cvnerman discloses a system that facilitates management of a build process, 
comprising: 

■ a build process that processes one or more build entities (see for example, 
p.1, section Introducing the powerful XML-based scripting tool, Ant. "A 
defined build process" and related description); and 

■ a policy component that is processed by the build process within which the 
build process operates (see for example, p. 3, example of simple.xml file 
includes build policy/rules for build process) 
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Cynerman also discloses using "include/exclude" and "unless" entities to match 
the pattern in the name attribute from the compilation (see for example, p. 6, first 
and second paragraphs). But Cynerman does not explicitly disclose determining 
one or more levels of trust within which the build process operates. 
However, Jerger in the same analogous art of computer-based system discloses 
a method of configuration of a system security policy that is stored on a host 
computer, (see for example, Figure 8, items 812 Unsigned Permissions, 814 
Trusted Signed Permissions, 816 Untrusted Signed Permissions and related 
text), wherein the one or more build entities are each associated with one or 
more levels of trust, such that at build time, a principal permission level under 
which the build process executes is determined by analyzing the levels of trust 
associated with each of the build entities, and lowest level of trust of all involved 
build entities dictates the principal permission level for execution of the build 
process (see for example, Fig.1 1 , specified/attached permission set to the class, 
Fig.13A-C, step 1312, "Is class digitally signed?", step 1324 "Fail", step 1338, 
1318 "Grant requested Permissions", "Store any Granted Permissions with the 
Class"). Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to define those different levels of trust for 
the build entities and use Cvnerman 's "unless" entities to match the pattern in the 
name attribute about the levels of trust from the compilation. One would have 
been motivated to do so to secure the build process by automatically 
administering the decision to grant or deny permissions to specific build entities 
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as suggested by Jerger (see for example, col. 2, lines 27-51 ) 



Claim 2: 

Cvnerman and Jerger disclose the system of claim 1 , Jerger further discloses the 
levels of trust include levels that are representative of trusted (Unsigned 
Permissions), semi-trusted (Trusted Signed Permissions), and untrusted 
(Untrusted Signed Permissions), (see for example, Figure 8, items 812 Unsigned 
Permissions, 814 Trusted Signed Permissions, 816 Untrusted Signed 
Permissions and related text). 



Claim 3: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman further discloses 
the policy component includes one or more policy files that are processed by the 
build process (see for example, p.3, example of simple.xml file includes build 
policy/rules for build process). 



Claim 4: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman further discloses 
the policy component includes one or more policy files that are processed by the 
build process before the one or more build entities are built (see for example, p.3, 
example of simple.xml file includes build policy/rules for build process). 
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Claim 5: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman further discloses 
the one or more entities include at least one of a project, a task, a logger, and 
operating system (OS) account information (see for example, p. 3, example of 
simple.xml file includes project; also see example command line, p. 7, XmlLogger 
for writing a reporting tool). 

Claim 6: 

Cynerman and Jerger disclose the system of claim 1 , Jerger further discloses at 
least one of the one or more build entities are each associated with the one or 
more of the levels of trust, which associations are defined in the policy 
component via at least one of a user-definable policy file and a default policy file, 
at least one or both of which are processed to determine the level of trust for the 
build process (see for example, Figure 4A, set the security level for this zone, 
items 408-412 and related text; also see col. 18, lines 51-63, "each security zone 
has a default security level, which is used if not changed by a user"). 

Claim 8: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman also discloses a 
computer that employs the system of claim 1 (see for example, p. 3, lines 3-4, NT 
machine). 
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Claim 9: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman also discloses a 
server that employs the system of claim 1 (see for example, p. 3, line 3, server's 
operating system). 

Claim 10: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman also discloses 
the system of claim 1 , the entity is received at least by one of downloading from a 
website, as part of an e-mail, and a version control system (see for example, p. 2, 
line 1 , CVS- Handles package/modules retrieved from a CVS repository). 

Claim 11-15: 

Claims 11-15 are another system version of claims 1 -6 and 8-1 0 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 

Claim 16: 

Cynerman and Jerger disclose the system of claim 1 1 , Jerger further discloses 
an option for setting custom permission level (see for example, Figure 8, item 
816 and 824, "Refuse untrusted permission without asking" and related text). 
Therefore, it would have been obvious that the build process would exclude and 
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not build those entities when the permission level is representative of untrusted. 
Claim 18: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are written in XML (see for example, p. 3, 
example of simple.xml file includes build policy/rules for build process) 

Claim 19: 

Cvnerman and Jerger disclose the system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are adjusted automatically according to one 
or more parameters (see for example, p.3, bottom line - p.4, line 7 the example 
of Ant command line parameter, e.g. "init" and related text). 

Claim 20: 

Claim 20 is computer program product version of the claimed method, wherein all 
claimed limitation functions have been addressed in claims 1-6 and 8-10 above 
respectively. It is well known in the computer art that such method steps can be 
implemented as computer program and can be practiced and /or stored on a 
computer operable media. Thus, they also would have been obvious in view of 
reference teachings above. 
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Claim 22: 

Cynerman and Jerger disclose the system of claim 20, Cynerman further 
discloses the method of claim 20, further comprising sending a message when 
the build process fails (see for example, p. 7, section "Reporting enhancements", 
BuildEvent, "public Throwable getExceptionQ" and related text). 

Claim 23: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
providing a level of trust that allows any operation to be performed during the act 
of performing (see for example, Figure 8, item 816, "Untrusted Signed 
Permissions", item 826, "Apply to all permissions not specifically allowed" and 
related text) 

Claim 24: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a level of trust that allows only a minimal set of operations to be 
performed during the act of performing (see for example, Figure 8, item 816 and 
824, "Refuse untrusted permission without asking" and related text. Therefore, 
only trusted permission allows.). 



Claim 25; 
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Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a level of trust that aborts the build process during the act of performing 
(see for example, Figure 4A, "Set the security level for the zone", item 408 "High, 
exclude content that could damage your computer").. 

Claim 26: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the act of associating associates one of the one or more build entities with at 
least two levels of trust (see for example, Figure 9A, 9C and related text; For 
setting different Read Access type and Connect Access type). 

Claim 27: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a default set of associations between the one or more build entities and 
one or more levels of trust in the form of a file (see for example, Figure 8, "Edit 
Custom Permissions", "Save" button can be used to save configuration to file) 

Claim 28: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the level of trust is defined according to at least one of user-defined policy data 
and default policy data (see for example, Figure 4A, default: High, Medium and 



Application/Control Number: 10/802,239 
Art Unit: 2192 



Page 12 



Low; User defined: Custom). 
Claim 29: 

Cvnerman and Jerqer disclose the system of claim 20, Jerqer further discloses, 
the user-defined policy data overrides the default data where a conflict occurs 
(see for example, col. 18, lines 51-63, "each security zone has a default security 
level, which is used if not changed by a user"). 

Claim 30: 

Cvnerman and Jerqer disclose the system of claim 20, Cvnerman further 
discloses, storing the association of the build entity with the level of trust in the 
form of a file to which access is restricted (see for example, p. 3, example of 
simple.xml file includes build policy/rules for build process; also see p. 6, first and 
second paragraphs, "include/exclude" and related text). 

Claim 31: 

Cvnerman and Jerqer disclose the system of claim 20, Cvnerman further 
discloses, storing the association of the build entity with the level of trust in the 
form of a file that further relates the use of system resources with the level of 
trust (see for example, p. 6, third paragraph about setting "available" property for 
using class "com.ibm.bsf.BSFManager"). 
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Claim 32-35: 

Claims 32-35 are another system version of claims 1-6 and 8-10 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 



Conclusion 

1 1 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

12. Applicant's arguments with respect to claims rejection have been 
considered but are not persuasive. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
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1 3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zheng Wei whose telephone number is (571) 
270-1 059 and Fax number is (571 ) 270-2059. The examiner can normally be 
reached on Monday-Thursday 8:00-15:00. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Tuan Q. Dam can be reached on (571) 272-3695. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.usptQ.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 



/Z. W./ 

Examiner, Art Unit 2192 



/Tuan Q. Dam/ 

Supervisory Patent Examiner, Art Unit 2192 



